LiittleCookie/vpn-install
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

default reject rules removing

Browse Source
This commit is contained in:
bedefaced 2017-08-26 16:34:04 +03:00 committed by bedefaced
parent f4dd24b065
commit f53fb1ed6e
3 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ipsec/iptables-setup.sh
View File

@ -98,6 +98,9 @@ eval iptables -A OUTPUT -p esp -j ACCEPT $COMMENT
eval iptables -A INPUT -p ah -j ACCEPT $COMMENT eval iptables -A INPUT -p ah -j ACCEPT $COMMENT
eval iptables -A OUTPUT -p ah -j ACCEPT $COMMENT eval iptables -A OUTPUT -p ah -j ACCEPT $COMMENT
# remove standart REJECT rules
iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
iptables -F iptables -F

4
openvpn/iptables-setup.sh
View File

@ -85,6 +85,10 @@ eval iptables -A OUTPUT -o tun+ -j ACCEPT $COMMENT
eval iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT $COMMENT eval iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT $COMMENT
eval iptables -A OUTPUT -p udp -m udp --sport 1194 -j ACCEPT $COMMENT eval iptables -A OUTPUT -p udp -m udp --sport 1194 -j ACCEPT $COMMENT
# remove standart REJECT rules
iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
iptables -F iptables -F
iptables-restore < $IPTABLES iptables-restore < $IPTABLES

13
pptp/iptables-setup.sh
View File

@ -3,13 +3,6 @@
DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source $DIR/env.sh source $DIR/env.sh
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
systemctl enable iptables
systemctl stop firewalld
systemctl disable firewalld
systemctl start iptables
fi
COMMENT=" -m comment --comment \"PPTP\"" COMMENT=" -m comment --comment \"PPTP\""
if [[ ! -e $IPTABLES ]]; then if [[ ! -e $IPTABLES ]]; then
@ -35,7 +28,7 @@ done
# detect default gateway interface # detect default gateway interface
echo "Found next network interfaces:" echo "Found next network interfaces:"
ifconfig -a | sed 's/[: \t].*//;/^\(lo\|\)$/d' ifconfig -a | sed 's/[ \t].*//;/^\(lo\|\)$/d'
echo echo
GATE=$(route | grep '^default' | grep -o '[^ ]*$') GATE=$(route | grep '^default' | grep -o '[^ ]*$')
read -p "Enter your external network interface: " -i $GATE -e GATE read -p "Enter your external network interface: " -i $GATE -e GATE
@ -82,6 +75,10 @@ eval iptables -A OUTPUT -p tcp -m tcp --sport 1723 -j ACCEPT $COMMENT
eval iptables -A INPUT -p gre -j ACCEPT $COMMENT eval iptables -A INPUT -p gre -j ACCEPT $COMMENT
eval iptables -A OUTPUT -p gre -j ACCEPT $COMMENT eval iptables -A OUTPUT -p gre -j ACCEPT $COMMENT
# remove standart REJECT rules
iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
iptables -F iptables -F
iptables-restore < $IPTABLES iptables-restore < $IPTABLES